Privacy & Security First

Safety is foundational

FERPA and VPAT compliant. HECVAT and DPA ready. Student data stays protected without exceptions.

FERPA Compliant
WCAG 2.1 AA
HECVAT ready
For Higher Education Institutions

Procurement documentation

Everything your IT security and procurement teams need to evaluate StarQuiz.

HECVAT

Higher Education Community Vendor Assessment Toolkit. Completed and ready for your security review.

Data Processing Agreement (DPA)

Contract template ready to sign. FERPA and SOPIPA compliant.

Accessibility (VPAT)

WCAG 2.1 AA compliant. Full VPAT available on request.

Data Hosting

AWS, North America region. Enterprise-grade infrastructure with 24/7 monitoring.

Breach Notification

72-hour notification timeline. Full incident response plan available on request.

Need documentation?

HECVAT, DPA, subprocessors list, VPAT, security whitepaper, and incident response plan available for institutional review.

Technical Security

Enterprise-grade security

Compliance backed by technical safeguards, not just policies.

Encryption everywhere

AES-256 encryption at rest and TLS 1.3 in transit. Your data is encrypted from the moment it's created to when it's stored.

AWS North America

Data hosted on AWS infrastructure in North America with 24/7 monitoring, redundant backups, and disaster recovery.

Access controls

Role-based access with multi-factor authentication. Only authorized users see student data, with complete audit logging.

Federal Law

FERPA Compliance

The Family Educational Rights and Privacy Act protects student education records. StarQuiz is fully FERPA compliant, ensuring that student data is never shared without proper authorization.

  • Institutional consent controls

    Institutions maintain full control over student data access and sharing permissions.

  • No third-party data sharing

    Student information is never sold, shared, or used for advertising purposes.

FERPA compliance illustration
Accessibility

WCAG 2.1 AA Compliant

We follow Web Content Accessibility Guidelines (WCAG) 2.1 Level AA to ensure StarQuiz is usable by everyone, regardless of ability.

  • VPAT available

    Voluntary Product Accessibility Template (VPAT) documents our accessibility conformance for procurement review.

  • Ongoing testing

    Regular accessibility audits using Lighthouse, Equal Web, and IBM Accessibility Checker ensure continued compliance.

Accessibility compliance illustration
K-12 Compliance

COPPA Compliant

For K-12 institutions serving students under 13, StarQuiz complies with COPPA (Children's Online Privacy Protection Act), ensuring child privacy protection with no behavioral advertising, minimal data collection, and school-verified consent mechanisms.

COPPA compliance illustration

How we handle your data

Transparency in practice. Here's exactly what we collect, why we collect it, and how we protect it.

What we collect

  • Student names and identifiers
  • Assessment responses and scores
  • Course enrollment data
  • Learning progress metrics

What we don't collect

  • Social security numbers
  • Financial information
  • Behavioral tracking data
  • Precise geolocation data

Your rights

  • Request data export anytime
  • Request complete data deletion
  • Review access logs
  • Opt out at any time

AI & Data Protection How we protect data sent to AI systems

Your content is sanitized before it touches any AI. Teachers control everything after.

PII sanitization

  • Presidio + spaCy detects personal data before AI processing
  • Emails, phone numbers, IDs, credentials auto-redacted
  • Only sanitized content reaches AI providers
  • Custom pattern matching catches API keys and secrets

Teacher control

  • Edit all AI-generated questions before students see them
  • Override any AI-assigned grade
  • Modify AI feedback after delivery
  • Answer key changes auto-regrade all submissions

Frequently asked questions

Bring StarQuiz to your courses

AI-powered formative assessment

General
Resources
Support & Legal

© StarCLS, Inc